ES2581477T3 - Mutual anti-piracy authentication system in smartphone type software identifiers and in their SMS - Google Patents

Abstract

The present invention relates to a mutual authentication system of an operation between a first part (Part A) and a second part (Part B) based on a dialogue during which said first and second parties exchange a predetermined number of keys of a only use. The system using physical and logical means - hardware / software - follows a procedure during which both parties exchange at least four single-use keys (OTP keys) that are available to the second part (Part B) in a single third table (TB3), while the first part (Part A) has them distributed in two first tables (TA1, TA2) contained in different devices (DA1, DA2).

Description

5

10

fifteen

twenty

25

30

35

40

Four. Five

fifty

DESCRIPTION

Mutual anti-pirate authentication system in smartphone type software identifiers and in their SMS Field of the invention

The present invention is included within the systems for the authentication between two parties to perform an operation that is carried out by means of a virtual dialogue.

Background of the invention

There are currently many systems for authentication that make use of smartphones as a device that supports the application that must be used by one of the parties that authenticate with that system. These smartphones are currently the main objective of new personality impersonation fraud techniques, such as Phishing, Pharming (vulnerability) and Man in the Middle (intermediary), which use social engineering techniques and a variety of malware (malicious software) (keyloggers) , stealers, ZeuS Man in the Mobile -MitMo-, SpyEye, etc.) that also significantly affect the security of the authentication applications that run on these smartphones. Applying these techniques, criminals even get to be able to get a copy of the application that is being used for authentication so that, later, supplanting the personality of the smartphone owner can commit fraud.

Recent studies have shown that the security systems in use not only fail to reduce fraud on the Internet of phishing, but that the number of frauds committed each year increases.

According to the latest information, cell phones are being confirmed as the favorite objective of hackers. Between January and June 2011 there was an increase in mobile malware of 273% compared to the same period in 2010, while the global growth of new threats was 16%. These figures are derived from the latest report by G Data Security Labs, which ensures that the growth of mobile terminals and their security deficiencies makes them the new favorite targets. "With the" malware "for mobile phones, cybercriminals have discovered a new business model," explained the head of G Data Security Labs, Ralf Benzmuller. "Unfortunately, we can hope that we are witnessing the birth of a new and potentially very lucrative market niche for cybercriminals and we expect continued growth of" mobile malware "here at the end of the year," he added.

The following techniques stand out among those used by criminals to commit fraud:

- The keyloggers (keyloggers):

It is a type of software or a specific hardware device that, once installed on a PC or similar device, is responsible for recording the keystrokes that are made on the keyboard and then memorizing them in a file or sending them through the internet. It is usually used as malware of the daemon type, allowing other users to have access to important passwords, such as credit card numbers or other private information that you want to obtain. It is said that a virtual keyboard can be used to avoid this, since it only requires mouse clicks. However, the newest applications also register screenshots (screenshots) when a click is made, which cancels the security of this measure.

- Phishing (phishing):

It occurs when in a virtual dialogue, usually between a company and a client, the offender impersonates the personality of the company so that the client thinks that he is talking with the corresponding company and thus the client, thinking that he is talking with the corresponding company, delivers to the offender the data used for authentication against said company. Subsequently, the offender uses this data to dialogue with the company supplanting the client and thus being able to commit the fraud.

- The Man In The Middle (intermediary) (MITM)

It occurs when the offender, using the appropriate techniques, manages to intercept and modify, when deemed appropriate, any of the messages that are being exchanged, usually a company and its client, throughout a virtual dialogue.

- Zeus Mitmo: Man in the Mobile (mobile phone infection)

This is applied in those cases in which the authentication solution is based on the sending of an SMS to the client's mobile to inform him of the data that the company has received from the client in his operation execution request and also so that the client Know the key of a single use (OTP) that the client must use to confirm the operation. This is the case of many banking entities that, apart from the signature key or coordinate card necessary for the authorization of a transfer, use a second phase of authentication. This is usually done by sending a code via SMS to the customer's mobile phone, which you must enter on the bank's website to make the transfer successfully.

5

10

fifteen

twenty

25

30

35

40

Four. Five

fifty

The fraud is committed when the offender manages to intercept the received SMS, through a Trojan installed in the client's mobile, and send it to his phone. Thus, if the offender has succeeded in supplanting the client, by means of a MITM or any other combination of techniques, and sending the company an operation request for their benefit, it will happen that the client will not know and, in addition, the offender will receive in the SMS intercepted the OTP key that you will need to confirm this operation.

It can be said that there will be more and more procedures for SMS interception.

As already mentioned, the presence of smartphones, with the increase in connectivity and the availability of information, are causing malicious code developers to focus their threats on mobile devices. Thus, the objective of an important part of the new malware is the smartphone and thus we can find Trojans that are capable of:

• detect the typing of a PIN and send it to a criminal;

• get to send a whole application with your files to a third party;

• intercept the SMS and send them to a criminal's cell phone.

This fact suggests that, from now on, all authentication procedures currently used by a smartphone, for example, with algorithms for the generation of an OTP or OTP reception in an SMS, are likely to be violated and should be updated to avoid these new fraud techniques.

A wide variety of systems for authentication, which use different means and procedures to obtain the authentication of operations between two parties that have a virtual dialogue, is currently available in the market.

Thus, there are systems that use one or two OTP keys. But, in such systems, if an intruder, by means of repeated attempts, types the correct OTP, it can violate the system. Likewise, a user of this system can suffer a Phishing / Pharming attack in real time, in which case the fraudulent operation can be completed since, if an intruder is done with the first OTP key and uses it before its validity expires , such an intruder can connect to the company posing as the client.

There are also systems that use two OTP keys and one fixed. In this case an intruder can be made with the fixed key of a client by means of a previous Phishing / Pharming. In such a case, the intruder can carry out a denial of service attack by being able to repeatedly ask the intruder for access to the system, since this is forcing the company system to reply by sending an OTP, with that this implies in terms of resource consumption.

There are also systems that use three OTP keys.

On the other hand, the systems that use the electronic signature are also vulnerable. Thus, for example, a page loaded under SSL, whose digital certificate comes from a trusted entity (which the browser loads without issuing errors) and in which the famous 'lock' appears, cannot be considered secure. (Online fraud, with digital signature and SSL, in which the user digitally blindly signs the SHA-256 hash of a file whose content it does not control. Technically, by signing the umvoco summary of the file with a recognized certificate, the signed acquires validity legal; June 2009, Security By Default).

Other systems use the coordinate card as the only means of authentication. But, in these systems, a user attacked by phishing can provide the keys stored on their corresponding coordinate card. In this case, a Trojan may be recording the information displayed on the screen or the information that the user types. Also one or more card keys and subsequently, based on repeated attempts to operate, it can be obtained through a phishing that the key requested by the bank can finally coincide with that of the offender and thus the offender can commit the fraud.

The most important limitation of the use of the card of coordinates (keys) is the low number of values that can contribute forcing the reuse of these keys. This is the origin of its greatest vulnerability.

Also the service for the confirmation of an operation through SMS poses problems. After stealing a client's fixed access code from the corresponding company's portal, it is thus possible for a criminal to enter the portal and access the client's profile to modify the corresponding mobile phone number of the client and putting the offender his ; or it is also possible for the offender to intercept your SMS, so fraud is possible.

Document US2007174909 discloses an OTP for the generation of a corresponding unique key (M) to search and develop an authentication, when the class corresponds to a response key (N). A short message service (SMS) server converts the search to a text message. An OTP terminal, for example cell phone, detects the search from the SMS server. A personal communications device, for example, personal computer, transmits the key (N) to the OTP server when the key (N) corresponding to the search transmitted from the OTP server is registered.

5

10

fifteen

twenty

25

30

35

40

Four. Five

fifty

Description of the invention

The invention relates to a mutual authentication system of an operation according to claim 1. Embodiments

System preferences are defined in the dependent claims.

The invention relates to a system for the mutual authentication of an operation between a first part and a

second part based on a dialogue, during which said first and second parties exchange a number

default single-use keys, in which:

- said first and second parts are biunvocably identified among themselves by a first identifier and a second identifier;

- said first and second parts are in communication through two or more different communication channels;

- said first part has a first device, a second device in which a first authentication application and a third device reside;

- said second part has a central authentication server in which a second authentication application associated with said first authentication application resides;

- each of the second and third devices having first and second key tables, respectively, and the central authentication server having a third key table associated, with a biunvoca correspondence, to the first identifier of the first part;

in which:

- said third table has a predetermined number of rows and equal to the number of rows of the first and second tables,

- said third table contains in each row at least all the single-use keys to be exchanged and used in the system during the operation, said third table being the only one containing all the keys to be exchanged and used;

- said first and second tables each have a part of all the single-use keys that will be exchanged and used in the system during the authentication operation, said first and second tables having all the keys, always in one same row;

in which:

- the first part obtains a first key to use in the operation by means of the second corresponding device;

- the first part sends, by means of the first corresponding device, a first communication channel to the central authentication server of the second part together with the corresponding first identifier and together with the data relating to said operation;

- the central authentication server verifies that said first received key coincides with that contained in the row of the corresponding third table associated with the first identifier that is being used, and if it is correct it sends a second communication channel to the first or second devices of the first part a message, headed by the second identifier, which contains a second key, at least a third key and operation data, whose message is encrypted with a fifth key, said second, third and fifth keys being located therein row that said first key in the third table;

- the first part receives the encrypted message, verifies that the second identifier is correct, and the second device decrypts it with the fifth key contained in the row to be used of the corresponding first table and verifies that the second received key matches that of the second same row of the first corresponding table; if said second key is correct, the second part is authenticated against the first part and the second device presents the operation data received in said message to the first part so that it can verify said data; if the first part gives the corresponding agreement to this data, the second device provides the first part with said at least third key received in said message;

- by means of the second table contained in the corresponding third device, the first part obtains at least a fourth key located in the same row as said at least third key of its second table;

- the first part sends from the first device corresponding to the central authentication server of the second part said at least fourth key together with the first identifier and the first key; the second part verifies that said at least fourth received key coincides with that contained in the row in use of the corresponding third table; and if it is correct the central authentication server sends a confirmation of

5

10

fifteen

twenty

25

30

35

40

Four. Five

fifty

operation performed successfully to the first device.

By means of the authentication system that has just been defined, any of the fraud techniques mentioned above can be invalidated, even if one of the parties uses a mobile phone or smartphone to support the first authentication application since:

• Use single use keys (OTP) so that if they are captured they are not used for reuse.

• Authentication is mutual and the first part never gives the final authentication key corresponding to the second part before the second part has been authenticated.

• The messages exchanged in the dialogue travel through a different communication channel than the one used to receive the source message of its content so that it is difficult to intercept and track all the messages that make up the dialogue.

• Authentication and authorization for an operation requires from the first part a confirmation of the data that the second part has received in the corresponding operation execution request, so that the first part knows exactly what it is that it is authorizing.

• The messages that the second part sends to the first part travel encrypted with a single-use code, so that, even if an offender intercepts it, they cannot interpret or manipulate it.

• The messages that the second part sends to the first part are authenticated with a single-use password (OTP), so that they cannot have been sent by any other person or party that impersonates the people or parties that should be true emitters.

• The second device - which is preferably a mobile phone (smartphone) or similar - does not have all the keys that are exchanged in the authentication process, being necessary to have the third device, preferably a key card, which complements it and who provides the key / s missing from that second device. This third device does not have communication with any other device that can facilitate the entry of malware and access to its content. In this way, even if a criminal through malware introduced in the second device manages to copy the authentication application, it will be of no use because the offender will not be able to complete any authentication operation because he lacks the keys that reside in the third device.

In the system of the invention it is preferably understood by each of the entities (people or machines) that dialogue with each other for their interest in the same business.

The central authentication server of the second part preferably contains as many third tables as different first parties want to perform authentication operations with the second part, each third table being different for each of these first parts.

Preferably the second authentication application resident in said central authentication server has a row counter indicating which is the last row of the third table that has been used, and in which said row counter is incremented by one unit each time The central authentication server sends to the second device of the first part the encrypted message originated in response to the acceptance as valid of the first key received from the first part.

Similarly, the first authentication application resident in said second device preferably has a row counter indicating which is the last row of the first table that has been used, and in which said row counter is incremented by one unit each Once the first authentication application accepts as authentic said encrypted message received from the second part.

During an operation, there may be a problem in which the second part sends said encrypted message to the first part and that, under any circumstance, it is not properly processed by the second device's authentication application. In this case the first table of the first part is out of sync with the third table of the second part as to which has been the last row of keys used. This is because the used row counter of the third table, when the central authentication server sends the encrypted message, is increased by one unit while the authentication application of the second device, by not correctly processing said encrypted message does not increase your used row counter in the first table. For this reason it happens that for the next authentication operation the second part expects to receive from the first the first key of the next row, while the authentication application of the second device, having not increased its counter of used rows of the first table TA1, is telling the first party to use the first key V1 of the previous row.

To solve this problem, a preferred embodiment of the system object of the invention includes a synchronization process to synchronize the row counters of said first and third tables; This synchronization process is executable in response to the central authentication server verifying that the first part requests an authentication operation using a value of the first key corresponding to the row before the

5

10

fifteen

twenty

25

30

35

40

Four. Five

fifty

indicated by the used row counter of the third table.

Preferably said predetermined number of single-use keys (or OTP keys) exchanged between said first and second parts is at least four, also using the fifth key used for encryption.

Preferably, the first device of the first part is a PC, although it could also be a mobile phone, ATM, Point of Sale Terminal, or any other device with equivalent capabilities, which can request and perform operations in a non-face-to-face manner, which is why , require mutual authentication of the parties involved.

The central authentication server of the second part is preferably a hardware / software device that contains an authentication application to act as the central system authentication server for the second part. It preferably has the capacity to process and communicate through one or more communication channels, so that it can exchange information with the first and second devices of the first part and execute the operation defined by the system.

The second device of the first part is preferably a device with process and communication capability that can exchange information with the central authentication server of the second part through one or more communication channels, receiving information on the operation of automatic or semi-automatic authentication previously requested from the first device and the way in which the operation defined by the system must continue to be executed. The second device has an authentication application for the management of communications, management of the first table and support of the operation of the system.

The results of the treatments are communicated to the central authentication server or, as the case may be, directly to the first part by other means, preferably for display on a screen of said second device, which is preferably a mobile phone.

The third device is preferably an easily portable device for the first part. Preferably it is a key card in which the second table is printed. It can also be a token, whose mission within the system is to allow the first part to query the second table it stores. It is characterized in that it does not have the ability to communicate with any other device that can facilitate the entry of malware and access to its content.

Said third device may also be a double table key card in which two second tables are printed, each on one side of the key card.

In this case of double table key card:

- said encrypted message contains at least two third keys located in the same row as said first key in the third table that are provided by the second device to the first part if it conforms to the operation data also received in said message ;

- by means of said second tables the first part obtains at least two fourth keys located each in the same rows as said at least two third keys, respectively, of their second tables;

- the first part sends from its first device to the central authentication server of the second part said at least two fourth keys together with the first identifier and the first key; verifying the second part that said at least two fourth keys received coincide with those of its third table; and if they are correct, the central authentication server sends an operation confirmation successfully to the first device.

The message encrypted with the fifth key is preferably an SMS message sent directly to the second device.

Alternatively said message encrypted with the fifth key is a message sent to the first device of the first part who, after processing said message and formatting it, forwards it to the second device through one of the possible communication channels between said first and second devices, in a automatic or semi-automatic operation with intervention of the first part.

Said encrypted message can be sent from the central authentication server to the second device through the Internet.

The message can be transmitted between the first device and the second device of the first part through the use of QR barcodes (Quick Response barcode, is a system for storing information in a dot matrix or in a barcode). In this way, when the first device receives the message, it transforms it into a QR code that is presented on the screen, and that the second device captures for its subsequent treatment.

The preset number of rows of the third table is preferably equal to the number of authentications that it is desired to be able to perform between said first and second parts using said third table.

5

10

fifteen

twenty

25

30

35

40

Four. Five

fifty

In summary, the authentication system is constructed using four physical or logical devices, that is, the first device, the second device, the third device and the central authentication server, with the capabilities described in the invention, two authentication applications. , the first authentication application installed on the second device and the second authentication application installed on the central authentication server, which perform the operation described in the invention for each of them; three key tables, created as detailed in the description of the invention, and two parts, that is to say the first part and the second part, which perform an authentication operation between them following the authentication procedure of the invention.

Brief description of the drawings

To complement the description that is being made and in order to help a better understanding of the features of the invention, according to a preferred example of a practical embodiment thereof, a set of drawings is accompanied as an integral part of said description. where, with an illustrative and non-limiting nature, the following has been represented:

Figure 1 shows a scheme of the message flow and operations of the system devices for the authentication of the invention.

Figure 2 shows a diagram of the relationships between tables TB3, TA1 and TA2.

Figure 3 shows a diagram of the relationships between tables TB3, TA1, TA21 and TA22 for the case of using a double table key card.

Figure 4 shows an example of a double table key card.

Preferred embodiment of the invention

In the preferred embodiment of the invention, a person or Part A is connected to an application that your banking entity or Part B has in its PC or first DSO device to perform internet operations. These Part A and Part B are identified among themselves by respective unique Id and IdB identifiers and biumvocos.

Part A also has a mobile phone as a second DA1 device and a double table key card as a third DA2 device. Part B is represented by an internet application with a central SCA authentication server.

This Part A has at its disposal two key tables, a first table TA1 contained in mobile phone DA1 and a second table TA2 contained in the key card, which being in this case a double table key card is split into two second tables TA21 and TA22.

Part B, with which Part A wants to authenticate, has a third TB3 key table on the central SCA authentication server, different from the first and second tables TA1 and TA2 (or TA21 and TA22 in the case of a credit card). double table keys) but totally related to them by the logic contained in the system. As shown in Figures 2 and 3 and as will be explained in detail below, the third table TB3 is the only one that contains all the keys (first, second, third, fourth and fifth keys V1, V2, V3, V4 and V5) that will be exchanged and used between the parties throughout the authentication process, creating the first and second tables TA1 and TA2 - or second tables TA21 and TA22 - from the third table TB3, and complementing each other to collect all the keys stored in TB3.

The third table of keys TB3, generic, consists of a predetermined number of rows, as many as authentication operations you want to be able to perform with it. The authentication application of the central authentication server SCA that manages this third table TB3 has a counter that indicates at all times what is the next row of keys that should be used in an authentication operation.

In order for Part A to exchange all the keys required by the authentication process, it is necessary to have the first and second tables TA1 and TA2; If only one of them is available, it will be impossible to complete the process.

The central authentication server SCA of Part B has stored as many third tables TB3 as different parts A want to perform authentication operations with Part B, and each third table TB3 is different for each of these Parts A, so there is a one-to-one relationship between each of the Type A Parties and the third TB3 tables managed by the SCA.

Each of the third tables TB3 has a different identifier and is directly related, biunvocably, with the IDA identifier by which the central authentication server SCA knows each of the Parties A that will use the object authentication system of the invention and described herein.

As shown in figure 1, when A wants to perform an operation that must be authenticated, such as: identification operation, money transfer, authorization of order to execute, ... through your PC you connect to the website that Part B has to perform operations on the Internet. Start an authenticated operation request to

5

10

fifteen

twenty

25

30

35

40

Four. Five

fifty

55

which the application asks for a password.

Note: in this figure 1 the communication made by a communication channel automatically between devices is shown with continuous line, and with the dashed line the communication made manually by Part A.

Part A opens an authentication application previously loaded on the mobile phone (step 100), and this application accesses the used row counter, searches for the new row to use in its TA1 table, locates the value of the first key V1 of the row and submit it on screen (step 200) to be used in the operation request that Part A will perform from your PC.

Part A types the first key V1 on its PC which is sent to the central authentication server SCA of Part B (step 300) together with the IDA identifier of Part A and data of the operation to be authenticated (message M1DSOSCA) .

The central authentication server SCA receives said M1DSOSCA message and accesses the third key table TB3 corresponding to the IDA identifier of the received Part A. Check the used row counter of this TB3 table and access the row to use in this authentication operation. Verify that the first key V1 of that row matches the one that has arrived (OPlDSOSCA operation). In the event that there is no match between the first received V1 key and the one in the row to be used, the central authentication server SCA verifies whether the first received V1 key matches that corresponding to the row before the one indicated by your used row counter of your TB3 table and, if so, proposes you to perform a synchronization operation that puts the counters of the third and first tables TB3 and TA1 with the same value so that they are synchronized again; in the event that there is no match between the first V1 key received and the one in the row to be used but neither is the previous case, the central authentication server SCA responds to the PC indicating the problem detected and ends the operation. In the event that there is a match between the first V1 key received and the one in the row to be used, the central authentication server SCA sends an SMS (message M1SCADA1) to the mobile device DA1 of Part A (step 400) that It is headed by the second IdB identifier and that contains the data of the operation to be authenticated together with the first key V1, a second key V2 and a third keys V31 and V32, where all these keys are keys of the row in use, all this -except for the second IdB identifier- encrypted with the fifth key V5 of the row in use; increments the used row counter of said table TB3 by one unit; It is waiting to receive the message necessary to complete the authentication operation initiated.

The open authentication application on the mobile phone of Part A receives the SMS, verifies the second IdB identifier, accesses the first TA1 key table, consults the used row counter of said table and accesses the row that is being used ; decrypts the SMS with the fifth key V5 of said row and verifies that the first and second keys V1, V2 received match those of said row (operation OP1SCADA1). In the event that there is no match between the first and second keys V1, V2 received and those in the row to use the mobile phone authentication application, the operation is terminated indicating to Part A that there has been a problem with the message received from Part B and that you contact her. In the event that there is a match between the first and second keys V1, V2 received and those in the row to use the mobile application, Part B is authenticated against part A and the mobile phone authentication application presents on screen to Part A the operation data received in said message so that Part A authorizes them; If Part A agrees to this data, the mobile phone authentication application provides Part A with the third keys V31 and V32 (step 500) received in the message.

Part A searches the double table key card (operation OP1DA1DA2) for the value V41 of row V31 of table TA21, and the value V42 in row V32 of table TA22 (step 600).

Part A types these values V41 and V42 on its PC (operation OP1DA2DSO), which sends them to the central authentication server SCA (step 700) to authenticate to Part A together with the identifier IdA of Part A and the first key V1 previously used (message M2DSOSCA).

The SCA central authentication server of Part B verifies that the data that arrives to it is correct for the authentication of the current Part A (OP2DSOSCA operation); if they are correct, it terminates the authentication and communicates to the PC its result (step 800) with an M1SCADSO message containing the first IdA identifier of Part A and the second identifier, together with the rest of the operation data and the Indicator that the operation has been authenticated correctly.

The PC presents the result of the authentication operation to Part A.

This system of authentication of operations, exposed in the preferred mode of implementation, achieves that:

- Even if a criminal “copies” the authentication application of a user's mobile phone with their key tables, or steals the cell phone, they cannot commit any fraud since in order to finalize the authentication it is also necessary to have the key card.

- Even if an offender intercepts the SMS, he cannot commit the frauds that are based on his modification in online mode since the SMS travels encrypted.

5

10

fifteen

twenty

25

30

35

40

Four. Five

fifty

- It is not necessary to use a PIN to open the application on the mobile phone because by itself, without having the key card, you cannot perform authentication operations.

- It is possible in the encryption / decryption of the messages that are exchanged since the authentication application in the mobile phone has keys to be easily used.

- The only two click operations that Part A has to perform are performed on your PC, whose operation you are already used to.

In addition, in the preferred mode of implementation of the invention, the two key devices managed by the client are familiar: mobile phone and key card.

The synchronization process that the second authentication application of the central authentication server SCA proposes when Part A has requested an authentication operation using a value of the first key V1 corresponding to the first key in the row prior to that indicated by its used row counter of your third table tB3, can be carried out as follows:

- The central authentication server SCA sends to the first DSO device a message indicating that it should be performed

a synchronization operation and for this you must use a synchronization key that is indicated, which is

corresponds to the fifth key V5 of the row indicated by the next row counter to be used in its third table TB3, so that the first DSO device reports to Part A.

- Once the message has been sent, it increases the counter value by one unit.

- Part A sees the message received on its first DSO device and asks the first authentication application of its

second device DA1 a synchronization operation; this asks Part A to indicate the value of the key of

synchronization to deal with.

- The first authentication application receives the value of said synchronization key, check that it matches

the value of the fifth key V5 of the next row to which its counter points and, if so, sets the value of

counter the row number following that contained in said fifth key V5.

In this way, the counters of the third and first tables TB3, TA1 have the same value and are synchronized again.

The following explains how they are generated and the relationship between the first, second (or second) and third key tables used by the system.

As shown in Figure 2, each row of the third table TB3 is composed of six or more data cells, where:

to. the first cell TB3C1 contains a sequential number that indicates the order number that the row has inside

from the table starting from number 1.

b. The second cell TB3C2 contains the first key V1 consisting of a random number obtained in the process of generating this third table TB3. Its length adapts to the level of security required by the environment where the authentication system is applied, but a minimum of four digits is recommended. The requirement that a specific value of V1 can only appear once within the same table must be met.

C. The third cell TB3C3 contains the second key V2 consisting of a random alphanumeric value obtained in the process of generating this third table TB3. Its length adapts to the level of security required by the environment where the authentication system is applied, but a minimum of five figures is recommended.

d. the fourth cell TB3C4 contains the third key V3 consisting of a random number between zero and the number that expresses the number of rows of the second table TA2 (equal to the number of rows of the third table TB3), obtained in the generation process from the third table TB3. The requirement that a specific value of V3 can only appear once within the same table must be met.

and. the fifth cell TB3C5 contains the fourth key V4 consisting of a random number obtained in the process of generating this third table TB3. Its length adapts to the level of security required by the environment where the authentication system is applied, but a minimum of four digits is recommended.

F. the sixth cell TB3C6 contains the fifth key V5 consisting of a random alphanumeric value obtained in the process of generating this third table TB3. Its length adapts to the level of security required by the environment where the authentication system is applied, but a minimum of five figures is recommended.

There may be a seventh and subsequent cells, provided that the level of security required by the environment where the authentication system is applied advises the way of performing more complex encryption of the messages received and sent from the central authentication server. All these keys will contain a random alphanumeric value (V6, V7, ...) obtained in the process of generating the third table TB3. Likewise, its length will adapt

5

10

fifteen

twenty

25

30

35

40

Four. Five

at the level of security required by the environment where the authentication system is applied, but a minimum of five alphanumeric characters is recommended.

In the process of generating each of these third tables TB3:

to. The identifier of each of the tables to be generated is freely created with the only condition that said name is unique within the set of tables already generated.

b. The only input variables that must be set for the generation process are: the number of rows that the table wants, which must correspond to the number of authentications that can be made between Part A and Part B using said table; and the one of the number of columns that is desired has the table, being five the minimum number of columns.

C. To generate random numbers or strings, the generation process makes use of randomization software algorithms. Depending on the security requirements to be met, these algorithms can use variables created by hardware devices.

The first and second tables TA1 and TA2 are composed of a predetermined number of rows, as many as the third table TB3 has. The content of each and every one of the rows of the first and second tables TA1 and TA2 comes from the existing one in the same row of the third table TB3 and the only difference is that cells in the third table TB3 are contemplated in the rows of the first table TA1 and which in the second table tA2.

The rows of the first TA1 table are made up of four or more data cells, where:

to. the first cell of row TA1C1 contains the row number (nnnn) of the third table TB3 from which they are going to

extract the data contained in the row;

b. the second cell of row TA1C2 contains the same value of the first key V1 that exists in cell TB3C2 of the same row of the third table TB3;

C. the third cell TA1C3 of the row contains the same value of the second key V2 that exists in cell TB3C3 of the same row of the third table TB3;

d. the fourth cell TA1C4 of the row contains the same value of the fifth key V5 that exists in cell TB3C6 of the same row of the third table TB3;

and. when there are a sixth and subsequent cells in the third table TB3, from which the first TA1 comes, you are

cells appear with the same content and sequence, in all rows of the first TA1 table.

The mobile phone authentication application that manages this first TA1 table has a row counter that indicates at all times what is the next row of keys that should be used in an authentication operation.

In the second table TA2:

to. The first cell TA2C1 contains the same random number of the third key V3 as the fourth cell TB3C4 of the third table TB3.

b. The second cell TA2C2 contains the random number of the fourth key V4 which has the fifth cell TB3C5 of the third table TB3.

In the case that the third DA2 device is a double table key card, the first, second and third tables are slightly different (see figure 3).

In this case, it must be taken into account that the second TA2 table is replaced by two second tables, TA21 and TA22. The number of rows of these second tables TA21 and TA22 is limited by the size of the double table key card and it is advised to have a value of 50 or 60 rows. This value takes into account in the process of generating the third table TB3 since in this case cells TB3C4 and TB3C5 of table TB3 are replaced by cells TB3C41, TB3C42 and TB3C51, TB3C52, whose content is:

to. cell TB3C41, a random number V31, between zero and the number that expresses the number of rows in table TA21;

b. cell TB3C42, a random alphanumeric value V41 whose length is adapted to the requirements of the system's security level, with a minimum of two positions being advisable;

C. cell TB3C51, a random number V32, between zero and the number that expresses the number of rows in table TA22;

d. cell TB3C52, a random alphanumeric value V42 whose length adapts to the requirements of the system's security level, with a minimum of three positions being advisable.

5

10

fifteen

twenty

25

30

35

40

Four. Five

fifty

In this case of double table key card the possible number of rows of the third table TB3 is limited by the number of rows that have the second tables TA21 and TA22, not exceeding the number resulting from multiplying the number of rows of TA21 x number of rows of TA22. This requirement has the purpose that in the different authentication operations that can be performed with the same key card the use of the same combination of rows of the two tables is never repeated. That is, it is that, once a specific pair of rows is used, one of the TA21 table and another of the TA22 table in an authentication operation this combination of rows can no longer be used again, thus obtaining that the fourth code formed by the series of characters from V41 and V42 is a single-use code (OTP code) within the operation contemplated by the system object of the invention.

In this case of a double table key card, the algorithm that generates the values V31 and V32 for a specific row of the third table TB3 controls that said pair of values does not appear in any of the rows generated previously for the same third table TB3.

In this case of a double table key card, column TA1C4 of the first table TA1 is replaced by columns TA1C41 and TA1C42 that contain, respectively, the values of columns TB3C4 (V31) and TB3C6 (V32) of the third table TB3 from which it comes.

As already indicated, in this case the second table TA2 is broken down into two second tables, TA21 and TA22. Table TA21 contains the values of columns TB3C41 and TB3C42 of the third table TB3 from which it comes. Table TA22 contains the values of columns TB3C51 and TB3C52 of the third table TB3 from which it comes.

Figure 4 shows a possible example of a double table key card.

This example uses 50 rows per table so that by combining the rows of the two tables there is a total of 50x50 = 2,500 keys that can be used. The user is asked for the authentication key by asking him to type the keys of two identifiers, one from table A and one from table B. Within the system object of the invention the identifiers of the rows to be used correspond to the values V31 and V32 of tables TA21 and TA22 respectively, and the values associated with these row identifiers correspond to values V41 and V42 of the same tables.

Part A is informed that card codes must be typed to authenticate the operation, by means of a message such as: "Keys to be typed: Row A09 and row B48".

On the PC or medium in which you are performing the operation (first DSO device), you are requested:

“Type the keys of:

row A: xxx (you must enter the password for row A09) row B: xxx ”(you must type the password for row B48).

Thanks to this double table key card, a much larger volume of keys can be generated to avoid the need for key reuse.

In the authentication system that has been defined there is no risk of fraud since:

- The system that uses the different keys for authentication controls that these values cannot be used more than once within the operation of the system (OTP keys).

- The channel through which the identifier of which key of the key card must be used in the authentication process is communicated is different from the channel used to provide that value.

- The message communicating the identifier of the key that must be used in the authentication process travels encrypted and authenticated.

In this way, the advantages of OTP systems are achieved and it is also avoided that a malware installed in one of the channels can intercept and manipulate the messages or keep track of the identifiers and their associated values.

As a complement and previous step to the described authentication, when a first part, Part A, wants to use the authentication system object of the invention, it must be agreed with the second part, Part B, to be assigned a third table type TB3 and its first and second tables TA1 and TA2, derived from it. From that moment on, said tables can be processed by the central authentication server SCA and its identifiers within the SCA are directly related to the IdA identifier by which the SCA knows said Part A.

The first TA1 table is delivered to Part A through a download on its second device DA1.

The second TA2 table is delivered to Part A in its third DA2 device, being a security token, a key card - preferably double-sided, TA21 and TA22 tables -, or any other means with capacity for

storage and subsequent consultation.

In view of this description and set of figures, the person skilled in the art will be able to understand that the embodiments of the invention that have been described can be combined in multiple ways within the object of the invention.

Claims (17)

5 10 fifteen twenty 25 30 35 40 Four. Five fifty 1.- Mutual authentication system of an operation between a first part (Part A) and a second part (Part B) based on a dialogue during which said first and second parties exchange a predetermined number of single-use keys, in the one who: - said first and second parts are biunvocably identified among themselves by a first identifier (IdA) and a second identifier (IdB); - said first and second parts are in communication through two or more different communication channels; - said first part (Part A) has a first device (DSO), a second device (DA1) in which a first authentication application and a third device (DA2) reside; - said second part has a central authentication server (SCA) in which a second authentication application associated with said first authentication application resides; - each of the second and third devices (DA1, DA2) having first and second key tables (TA1 and TA2), respectively, and the central authentication server (SCA) having a third associated key table (TB3), with a biunvoca correspondence, to the first identifier (IdA); in which: - said third table (TB3) has a predetermined number of rows equal to the number of rows of the first and second tables (TA1, Ta2), - said third table (TB3) contains in each row at least all the single-use keys to be exchanged and used in the system during the operation, and is the only table containing all the keys; - said first and second tables (TA1, TA2) each have a part of all the single-use keys that will be exchanged and used in the system during the operation, said first and second tables always having all the keys in the same row; in which: - the first part (Part A) is adapted to obtain a first key (V1) to be used in the operation by means of the corresponding second device (DA1); - the first part (Part A) is adapted to send, through its first device (DSO), through a first communication channel, to the central authentication server (SCA) of the second part (Part B), this first key (V1 ) together with the corresponding first identifier (IdA) and together with data related to said operation; - the central authentication server (SCA) is adapted to verify that said first key (V1) received matches the corresponding key in the row of the corresponding third table (TB3) associated with the first identifier (IdA) being used, and if it is correct, it is adapted to send, by a second communication channel, to the first or second devices of the first part (Part A) a message (M1SCADA1) headed by the second identifier (IdB) containing a second key (V2), at least a third key (V3) and said operation data, whose message is encrypted with a fifth key (V5), said second, third and fifth keys (V2, V3, V5) being located in the same row as said first key (V1) in the third table (TB3); - the first part (Part A) is adapted to receive the encrypted message, is adapted to verify the second identifier (IdB) and the second device (DA1) is adapted to decrypt it with the fifth key (V5) contained in the corresponding first table (TA1) and is adapted to verify that the second key (V2) received matches the corresponding one in the first table (TA1); if said second key is correct, the second part (Part B) is adapted to be authenticated with respect to the first part (Part A) and the second device (DA1) is adapted to present to the first part (Part A) the data of the operation received in said message (M1SCADA1) so that it can verify said data; if the first part (Part A) agrees with this data, the second device (DA1) is adapted to provide the first part (Part A) with said at least third key (V3) received in said message (M1SCADA1); - by means of the second table (TA2) contained in the corresponding third device (DA2) the first part (Part A) is adapted to obtain at least a fourth key (V4) located in the same row as said at least third key (V3) of the corresponding second table (TA2); - the first part (Part A) is adapted to send, from the corresponding first device (DSO), to the 5 10 fifteen twenty 25 30 35 40 Four. Five fifty central authentication server (SCA) of the second part (Part B), said at least fourth key (V4), together with the first identifier (IdA) and the first key (V1); the second part (part B) is adapted to verify that said at least fourth key (V4) received matches that corresponding to the third table (TB3); and if it is correct, the central authentication server (SCA) is adapted to send a confirmation to the first device (DSO) confirming that the operation was successful. 2. - System according to claim 1, wherein the second authentication application resident on said server Central Authentication (SCA) has a row counter indicative of which is the last row of the third table (TB3) that has been used, and in which said row counter is incremented by one unit each time the central server of Authentication (SCA) sends to the second device (DA1) the encrypted message (M1SCADA1) originated in response to accepting the first key (V1) received from the first part (Part A) as valid. 3. - System according to any of claims 1-2, wherein the first resident authentication application in said second device (DA1) it has a row counter indicative of which is the last row of the first table (TA1) that has been used, and in which said row counter is incremented by one unit each time the first application of authentication accept as authentic said encrypted message (M1SCADA1) received from the second part (Part B). 4. - System according to claims 2 and 3, which also includes a synchronization process to synchronize the row counters of said first and third tables (TA1, TB3) that can be executed in response to the central authentication server (SCA) verifying that the first part (Part A) requests an operation using a value of the first key ( V1) corresponding to the row before the row indicated by the row counter indicating the rows that have been used in the third table (TB3). 5. - System according to any of claims 1-4, wherein said encrypted message is an SMS message sent to the second device (DA1). 6. - System according to any of claims 1-4, wherein said encrypted message is a message sent to the first device (DSO) which, after processing said message and formatting it, forwards it to the second device (DA1) through one of the possible communication channels between said first and second devices (DSO, DA1), in an automatic operation or semi-automatic with intervention of the first part (Part A). 7. - System according to claim 6, wherein said processing and formatting of the message includes the use of QR barcodes. 8. - System according to any of claims 1-4, wherein said encrypted message is sent from the central authentication server (SCA) to the second device (DA1) over the Internet. 9. - System according to any of the preceding claims, wherein said pre-established number of rows of the third table (TB3) is equal to the number of authentications that it is desired to be able to perform between said first and second parts (Part A, Part B) using said third table (TB3). 10. - System according to any of the preceding claims, wherein each third table (TB3) is generated through randomization algorithms each having a unique and different identifier. 11. - System according to any of the preceding claims, wherein each row of the third table (TB3) contains the minus five columns, corresponding to all the keys that will be exchanged and used during each operation. 12. - System according to any of the preceding claims, wherein said predetermined number of keys single-use exchanged between said first and second parts is at least four. 13. - System according to any of the preceding claims, in which once the authentication of said first and second parts (Part A, Part B), at least one message exchanged between them is encrypted with at least one sixth single-use keys, said at least one sixth key being stored in the same row as said first key ( V1) used for authentication. 14. - System according to any of the preceding claims, wherein the central authentication server (SCA) of the second part (Part B) contains as many third tables (TB3) as different first parts (Part A) you have to perform authentication operations with said second part (Part B), and each third table (TB3) is different for each one of these first parts (Part A). 15. - System according to any of the preceding claims, wherein said third device (DA2) is a card of keys in which the second table (TA2) is printed. 16. - System according to any of claims 1-15, wherein said third device (DA2) is a card of double table keys in which two second tables are printed (TA21, TA22). 17. - System according to claim 16, wherein said encrypted message (M1SCADA1) contains at least two 10 third keys (V31, V32) located in the same row as said first key (V1) in the third table (TB3) that are provided by the second device (DA1) to the first part (Part A) if it agrees to the operation data also received in said message (M1SCADA1); Y - by means of said second tables (TA21, TA22) the first part (Part A) obtains at least two fourth keys (V41, V42) each located in the same rows as said at least two third keys (V31, V32), respectively, of the corresponding second tables (TA21, TA22); - the first part (Part A) sends, from the corresponding first device (DSO) to the central authentication server (SCA) of the second part (Part B), said at least two fourth keys (V41, V42) together with the first identifier (IdA) and the first key (V1); verifying the second part (part B) that said at least two fourth keys (V41, V42) received coincide with those of the corresponding ones in the third table (TB3); and if they are correct, the central authentication server (SCA) sends a confirmation to the first device (DSO), confirming that the operation was successful.